def kill_running_process(service_name, host, port): """Find and kill any running web service processes.""" try: pid = get_pid(service_name) except IOError: # We could not find an existing pidfile. return except ValueError: # The file contained a mangled and invalid PID number, so we should # clean the file up. remove_if_exists(pidfile_path(service_name)) else: if pid is not None: try: os.kill(pid, signal.SIGTERM) # We need to use a busy-wait to find out when the socket # becomes available. Failing to do so causes a race condition # between freeing the socket in the killed process, and # opening it in the current one. wait_for_service_shutdown(host, port) except os.error as err: if err.errno == errno.ESRCH: # Whoops, we got a 'No such process' error. The PID file # is probably stale, so we'll remove it to prevent trash # from lying around in the test environment. # See bug #237086. remove_if_exists(pidfile_path(service_name)) else: raise
def ensureNoFiles(self): """Ensure the .ht* files don't already exist.""" pub_config = getPubConfig(self.ppa) htaccess = os.path.join(pub_config.archiveroot, ".htaccess") htpasswd = os.path.join(pub_config.archiveroot, ".htpasswd") remove_if_exists(htaccess) remove_if_exists(htpasswd) return htaccess, htpasswd
def ensureNoFiles(self): """Ensure the .ht* files don't already exist.""" pub_config = getPubConfig(self.ppa) htaccess = os.path.join(pub_config.htaccessroot, ".htaccess") htpasswd = os.path.join(pub_config.htaccessroot, ".htpasswd") remove_if_exists(htaccess) remove_if_exists(htpasswd) return htaccess, htpasswd
def _makeSignatures(self, signatures, log=None): """Make a sequence of signatures. This abstraction is useful in the case where we're using an in-process `GPGHandler`, since it avoids having to import the secret key more than once. :param signatures: A sequence of (input path, output path, `SigningMode`, suite) tuples. Note that some backends may make a policy decision not to produce all the requested output paths. :param log: An optional logger. :return: A list of output paths that were produced. """ if not self.can_sign: raise CannotSignArchive("No signing key available for %s" % self.archive.displayname) if self.archive.signing_key is not None: secret_key_path = self.getPathForSecretKey( self.archive.signing_key) with open(secret_key_path) as secret_key_file: secret_key_export = secret_key_file.read() gpghandler = getUtility(IGPGHandler) secret_key = gpghandler.importSecretKey(secret_key_export) output_paths = [] for input_path, output_path, mode, suite in signatures: if self.archive.signing_key is not None: with open(input_path) as input_file: input_content = input_file.read() signature = gpghandler.signContent(input_content, secret_key, mode=self.gpgme_modes[mode]) with open(output_path, "w") as output_file: output_file.write(signature) output_paths.append(output_path) elif find_run_parts_dir(self.archive.distribution.name, "sign.d") is not None: remove_if_exists(output_path) env = { "ARCHIVEROOT": self.pubconf.archiveroot, "INPUT_PATH": input_path, "OUTPUT_PATH": output_path, "MODE": mode.name.lower(), "DISTRIBUTION": self.archive.distribution.name, "SUITE": suite, } run_parts(self.archive.distribution.name, "sign.d", log=log, env=env) if os.path.exists(output_path): output_paths.append(output_path) else: raise AssertionError("No signing key available for %s" % self.archive.displayname) return output_paths
def setUp(self, spew=False, umask=None): # setUp() watches the logfile to determine when the daemon has fully # started. If it sees an old logfile, then it will find the # readyservice.LOG_MAGIC string and return immediately, provoking # hard-to-diagnose race conditions. Delete the logfile to make sure # this does not happen. remove_if_exists(self.logfile) TacTestFixture.setUp(self, python_path=sys.executable, twistd_script=twistd_script)
def signOpal(self, image): """Attempt to sign a kernel image for Opal.""" remove_if_exists("%s.sig" % image) (pem, cert) = self.getKeys('Opal Kernel', self.generateOpalKeys, self.opal_pem, self.opal_x509) if not pem or not cert: return self.publishPublicKey(cert) cmdl = ["kmodsign", "-D", "sha512", pem, cert, image, image + ".sig"] return self.callLog("Opal signing", cmdl)
def signKmod(self, image): """Attempt to sign a kernel module.""" remove_if_exists("%s.sig" % image) (pem, cert) = self.getKeys('Kernel Module', self.generateKmodKeys, self.kmod_pem, self.kmod_x509) if not pem or not cert: return self.publishPublicKey(cert) cmdl = ["kmodsign", "-D", "sha512", pem, cert, image, image + ".sig"] return self.callLog("Kmod signing", cmdl)
def signUefi(self, image): """Attempt to sign an image.""" remove_if_exists("%s.signed" % image) (key, cert) = self.getKeys('UEFI', self.generateUefiKeys, self.uefi_key, self.uefi_cert) if not key or not cert: return self.publishPublicKey(cert) cmdl = ["sbsign", "--key", key, "--cert", cert, image] return self.callLog("UEFI signing", cmdl)
def extract(self): """Copy the custom upload to a temporary directory, and sign it. No actual extraction is required. """ super(UefiUpload, self).extract() if self.key is not None and self.cert is not None: efi_filenames = list(self.findEfiFilenames()) for efi_filename in efi_filenames: remove_if_exists("%s.signed" % efi_filename) self.sign(efi_filename)
def _setUp(self): pidfile = pidfile_path( "codebrowse", use_config=LayerProcessController.appserver_config) pid = get_pid_from_file(pidfile) if pid is not None: warnings.warn( "Attempt to start LoggerheadFixture with an existing " "instance (%d) running in %s." % (pid, pidfile)) kill_by_pidfile(pidfile) self.logfile = os.path.join(config.codebrowse.log_folder, "debug.log") remove_if_exists(self.logfile) self.addCleanup(kill_by_pidfile, pidfile) run_script( os.path.join("scripts", "start-loggerhead.py"), ["--daemon"], # The testrunner-appserver config provides the correct # openid_provider_root URL. extra_env={"LPCONFIG": BaseLayer.appserver_config_name}) self._waitForStartup()
def testEnsureHtaccess(self): """Ensure that the .htaccess file is generated correctly.""" # The publisher Config object does not have an interface, so we # need to remove the security wrapper. pub_config = getPubConfig(self.ppa) filename = os.path.join(pub_config.archiveroot, ".htaccess") remove_if_exists(filename) script = self.getScript() script.ensureHtaccess(self.ppa) self.addCleanup(remove_if_exists, filename) contents = [ "", "AuthType Basic", "AuthName \"Token Required\"", "AuthUserFile %s/.htpasswd" % pub_config.archiveroot, "Require valid-user", "", ] self.assertThat(filename, FileContains('\n'.join(contents)))
def testEnsureHtaccess(self): """Ensure that the .htaccess file is generated correctly.""" # The publisher Config object does not have an interface, so we # need to remove the security wrapper. pub_config = getPubConfig(self.ppa) filename = os.path.join(pub_config.htaccessroot, ".htaccess") remove_if_exists(filename) script = self.getScript() script.ensureHtaccess(self.ppa) self.addCleanup(remove_if_exists, filename) contents = [ "", "AuthType Basic", "AuthName \"Token Required\"", "AuthUserFile %s/.htpasswd" % pub_config.htaccessroot, "Require valid-user", "", ] self.assertThat(filename, FileContains('\n'.join(contents)))
def removeLog(self): remove_if_exists(self.logfile)